<? // login

// if already logged in, log out
if( $_SESSION['login_ts'] ) {

	// update db with logout
	db_dml( "update users set logout_ts = current_timestamp where usr_id={$_SESSION['usr_id']}" );

	// clear session login info
	$_SESSION['usr_id'] = null;
	$_SESSION['login'] = null;
	$_SESSION['name'] = null;
	$_SESSION['login_ts'] = null;
}

// todo: decrypt pwd
$login = pure_code($_GET['login'] );
$pwd = md5( $_GET['cancel'] );
$pwd =$_GET['cancel'];
if( !$login or !$pwd ) ajax_exit( 'error', "must have login=$login and password=$pwd" );
$usr_rcd = db_get_rcd( "select * from users where login='$login' and passwd_md5=md5('$pwd')" );
if( !$usr_rcd )  ajax_exit( 'error', 'login or password incorrect', array( 'login'=>null, 'name'=>null, 'login_ts'=>null ) );

// set session
$_SESSION['login'] = $usr_rcd['login'];
$_SESSION['usr_id'] = $usr_rcd['usr_id'];
$_SESSION['name'] = $usr_rcd['name'];
$_SESSION['login_ts'] = time();
db_dml( "update users set login_ts=current_timestamp where usr_id={$_SESSION['usr_id']}" );
ajax_exit( 'success', "welcome {$_SESSION['name']}", array( 'login'=>$_SESSION['login'], 'name'=>$_SESSION['name'] ) );


?>
